Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco Kampmann and Joerg Schwenk discovered that Shibboleth, a federated web single sign-on system is vulnerable to XML signature wrapping attacks. More details can be found in the Shibbolethadvisory at http://shibboleth.internet2.edu/security-advisories.html

For the oldstable distribution (lenny), this problem has been fixed inversion 2.0-2+lenny3.

For the stable distribution (squeeze), this problem has been fixed inversion 2.3-2+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your opensaml2 packages.

Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: http://www.debian.org/security/